I have configuration that works well when HTTPS is in the URL but of course, when it is HTTP, it fails. The problem is, I must specify the port number in the URL. I am using this as a way to test individual servers. So the website name must remain unchanged to work with the SSL cert but I can assign one port (and an associated frontend and backend) in the haproxy.cfg file to route to the correct server.

The problem happens when for what ever reason, HTTPS is not specified but the magic port number is. Some apps do a redirect (code beyond my control) and because the server is only running on port 80 without SSL and haproxy is doing all the SSL work, the app doesn’t realize it needs to redirect to https://… so it just redirects to the http:// version and that is where things break.

The frontend port801_combined detects whether the incoming request is SSL/HTTPS or plaintext HTTP.
It forwards the traffic to backend recir_http if the it is plaintext HTTP.
Otherwise it forwards the traffic to backend recir_https.

The backend recir_http sends all the traffic to the frontend fe-http via the socket abns@haproxy-http.

The backend recir_https sends all the traffic to the frontend fe-https via the socket abns@haproxy-https.

Ultimately, I did some tweaking to include the port number into all of the reference points and because I have several servers that I want to be able to address individually, I needed to replicate this process once for each port 801, 802, 803, etc.

Feels clunky, but since these only exist for testing purposes and cannot be accessed from the world because of our firewall, this works pretty well. If there is a simpler way, would love to know it but this will do the trick for me.